0ae3441949
adapt to comment
2020-01-22 13:59:33 +01:00
b7690a45d7
sc_decompress_zlib_alloc: check inputs, avoid int underflow
...
- turns out, you can shrink a buffer with realloc on some implementations
- realloc is never called with 0 (which would free the data)
- length checking is done in zlib, we just do the allocation
closes https://github.com/OpenSC/OpenSC/issues/1905
2020-01-20 10:13:27 +01:00
23fcccecf4
reader-pcsc: Add a way to create corpus files for fuzzing
2020-01-07 17:18:05 +01:00
a1b5feea96
pkcs15-coolkey: Improve logging and formatting
2020-01-07 17:18:05 +01:00
82ba7f311f
pkcs15-syn: Improve logging
2020-01-07 17:18:05 +01:00
900cf7aca9
coolkey: Improve logging
2020-01-07 17:18:05 +01:00
cae3b71d75
gp: Define the structure packed, as it is used directly to read data inside
2020-01-07 17:18:05 +01:00
8fd5ffd54e
simpletlv: Avoid writing before all sanity checks in sc_simpletlv_put_tag()
2020-01-07 17:07:48 +01:00
b0d3a70b91
coolkey: Improve logging of return codes
2020-01-07 17:07:48 +01:00
8ddfafe057
asn1: Empty bit string requires empty zero-bits indicator
2020-01-07 14:50:48 +01:00
2c913155a2
asn1: Do not accept non-minimal encoding of OBJECT IDs
2020-01-07 14:50:48 +01:00
aaa302ca35
asn1: Allow non-strict INTEGER parsing for other code paths (FCI parsing)
2020-01-07 14:50:47 +01:00
fefff2e462
asn1: Simplify the OID decoding
2020-01-07 14:50:47 +01:00
89ed273e81
cac1: Simplify the cycle definintion
2020-01-07 14:50:47 +01:00
4faf517af4
asn1: Handle more corner cases of OBJECT ID parsing
2020-01-07 14:50:47 +01:00
c449aa4430
asn1: Reject integers with bogus zero/non-zero bytes on left
2020-01-07 14:50:47 +01:00
d3e9b55223
asn1: Distinguish error codes for invalid objects from implementation limitation (integer size)
2020-01-07 14:50:47 +01:00
1271299955
ans1: Verify the padding in BIT STRING contains only zero bits
2020-01-07 14:50:47 +01:00
c1814571bd
asn1: Avoid invalid unused bits values
2020-01-07 14:50:47 +01:00
61af2c1d0a
asn1: Add support for encoding large values in OIDs
2020-01-07 14:50:47 +01:00
19501715d7
asn1: Correctly handle OIDs with second octet > 39
2020-01-07 14:50:47 +01:00
8e8c3735bc
idprime: Reflect the OS version in the card name
2020-01-07 14:16:46 +01:00
bebb5be6e0
idprime: Simplify applet selection and limit file size to sensible values
2020-01-07 14:16:46 +01:00
3537cbbc78
Unbreak RSA-PSS padding
2020-01-07 14:16:46 +01:00
fe8f6297f0
idprime: Add support for longer PINs
2020-01-07 14:16:46 +01:00
5017768e5b
idprime: Detect the newer version of OS using CPLC data
2020-01-07 14:16:46 +01:00
2c9510af1e
Improve parsing of the root file and store also the object length
2020-01-07 14:16:46 +01:00
fdcc843e78
idprime: Implement a way of getting token label from special card structure
2020-01-07 14:16:46 +01:00
48e3239857
pkcs15-cac: Use constants rather than magic numbers
2020-01-07 14:16:46 +01:00
f61d9b3b53
Implement new Gemalto IDPrime driver
...
The card is largely ISO 7816 compliant, but does not provide any
simple way of listing the content which is supported by current
PKCS#15 implementation therefore the PKCS#15 emulator had to be
used.
The certificates are compressed in a similar way as in DNIE
cards which complicates reading from the card and which I think
could be moved to the shared ISO (or some other file since I saw
that code already many times).
The card supports wide range of algorithms including
RSA-PSS and RSA-OAEP padding schemes in-card. On the other hand,
it does not allow raw RSA and SHA1 hashes on card anymore.
The card is manufactured by Gemalto so it has strict ATR which
can be used for detection.
2020-01-07 14:16:46 +01:00
3a3a465e6b
Add basic support for OEAP decryption in OpenSC internals
2020-01-07 13:30:28 +01:00
2882c93ec1
pkcs15: Expose the map_usage() function from CAC to other pkcs15 emulators
2020-01-07 13:29:53 +01:00
5e1bfe0acc
Drop the pkcs15.h from simpletlv.h
2020-01-07 13:29:53 +01:00
4d2b860c7f
OpenPGP: add ATR for Yubikey 5
2020-01-07 11:09:00 +01:00
31b8c7a404
OpenPGP: first steps at supporting OpenPGP card spec 3.4
2020-01-07 11:09:00 +01:00
3af3d0ecee
openpgp: add nistp256 and secp251k1 curves for gnuk devices
2020-01-07 11:08:25 +01:00
5dd9fcb25c
Fix asn1.c:print_tags_recursive
2020-01-07 10:18:46 +01:00
4ad55997e0
sc_pkcs15_decode_skdf_entry: break all looping on oid match: on average better performance
2020-01-07 10:17:39 +01:00
cfd5519b98
simplify PIV I/O
2020-01-07 10:06:23 +01:00
0b4b7fbaf0
openssl: Drop all compatibility checks for <=openssl-1.0.0
2020-01-06 15:47:07 +01:00
6b84407c3d
tcos: fix indentation and braces
...
Increase readability. No content-based changes.
2020-01-06 15:43:46 +01:00
05e3f7b667
Fix misleading code indentation
...
Fixes
error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation]
if(cipher)
^
../../../git/src/libopensc/card-entersafe.c:369:2: note: previous statement is here
if(sbuf)
^
2019-12-28 18:18:06 +01:00
9eed40ea31
tcos: add encryption certificate for IDKey
...
Fixes https://github.com/frankmorgner/OpenSCToken/issues/21
2019-12-28 18:15:55 +01:00
1cc6087126
fix buffer length for printing DFs
2019-12-19 04:44:59 +01:00
b59456b6e4
Update card-gids.c to support 3072 & 4096 RSA key sizes
2019-12-19 04:33:14 +01:00
187d908feb
tcos: allow correct input length when signing
...
For 2048 bit keys the padded input is 256 bytes long.
Fixes https://github.com/frankmorgner/OpenSCToken/issues/20
2019-12-19 04:30:27 +01:00
55b7a6fefd
Revert "tcos: Do not advertize non-functional RSA RAW algorithms"
...
This reverts commit bee5c6d639https://github.com/frankmorgner/OpenSCToken/issues/20#issuecomment-566455157
2019-12-19 04:30:27 +01:00
333c41c5d5
pgp: don't write beyond oid object
...
fixes Stack-buffer-overflow
https://oss-fuzz.com/testcase-detail/6329203163398144
2019-12-18 14:55:46 +01:00
ee78b0b805
pkcs15-coolkey: Fix EC key type and fail on invalid key types
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19251
2019-12-11 09:19:45 +01:00
708cedbdad
dir: Correctly free allocated memory on error
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19265
2019-12-11 09:19:45 +01:00
17d9d8450c
Enabled extended APDU support for StarCOS 3x cards
2019-12-05 16:48:11 +01:00
a450b3427e
Fix path unifying of StarCOS 3.5 cards
2019-12-05 16:48:11 +01:00
9f2c112ecb
Add new ATR for StarCOS 3.5
2019-12-05 16:48:11 +01:00
c99d62c04a
Add PIN encoding detection for StarCOS 3x cards
2019-12-05 16:48:11 +01:00
5fa633075d
GIDS Decipher fix for TPM
...
GIDS decipher APDU fails with status '65 00' or '67 00' if
"Padding Indication" byte is present. Debug logs of Microsoft
certutil -v -scinfo using Microsoft drivers show that for a
decipher, the "Padding Indication" is not present. It maybe
needed if Secure Messaging is added later.
Extended APDU is turned off as this may not be supported on
some cards. Chaining is used used instead, it works on all cards.
RAW RSA is turned off, it is supported.
Tested with pkcs11-tool on Windows 10 with a TPM 2.0 module.
On branch gids-decipher
Changes to be committed:
modified: src/libopensc/card-gids.c
Date: Tue Dec 3 18:08:32 2019 -0600
interactive rebase in progress; onto 01678e87
2019-12-05 16:33:27 +01:00
e91853bda8
Simplify code and card detection
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-12-05 10:51:55 +01:00
366adbd546
Fixing invalid signature with 3072 RSA bits in GemsafeV1
2019-12-05 10:46:21 +01:00
dbe932152d
Fixing invalid signature with 3072 RSA bits in GemsafeV1
2019-12-05 10:46:21 +01:00
642a3ee734
cardos: Use more appropriate RSA flags for CardOS 5
...
Fixes #1864
2019-12-05 10:45:34 +01:00
afe255c5b2
Remove never set constants and their handling in cardos driver
2019-12-05 10:45:34 +01:00
2bab09ac03
tcos: Use unique IDs for certificates
2019-12-05 10:43:17 +01:00
88e3c44f22
tcos: Drop undocumented tags from security environment data
2019-12-05 10:43:17 +01:00
bee5c6d639
tcos: Do not advertize non-functional RSA RAW algorithms
2019-12-05 10:43:17 +01:00
424eca8bef
tcos: Remove duplicate lines
2019-12-05 10:43:17 +01:00
4c67bbf383
coolkey: Avoid addressing behind allocated buffers
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19222
2019-12-04 21:47:47 +01:00
c246f6f69a
coolkey: Make sure the object ID is unique when filling list
...
Thanks to oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208
2019-12-04 21:47:47 +01:00
32b49894c5
sc-hsm: Add ATR for faster token variant
2019-12-04 21:43:47 +01:00
7858f3cd06
sc-hsm: Add support for SmartCard-HSM MicroSD card
2019-12-04 21:43:47 +01:00
ef61a95b31
coolkey: Make sure the matching objects have same lengths
...
This ensures that we do not go behind the allocated buffer if
we get wrong data.
Thanks to oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19031
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19032
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19038
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19039
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19040
2019-11-29 22:48:00 +01:00
aa6d3e1d36
coolkey: Fix the comparator return value
2019-11-29 22:48:00 +01:00
249e928176
gp: Correctly check for the CPLC data length
2019-11-29 22:47:26 +01:00
4f3d87d03c
coolkey: Split the CPLC related structures and function to the generic GP file
2019-11-29 22:47:26 +01:00
326955a147
reader-pcsc: Preserve the CARD_PRESENT flag to make sure the card is detected after reader reinsertion
2019-11-28 11:18:25 +01:00
ce71b171e2
Add support for 4K RSA keys in GemsafeV1
2019-11-23 22:13:28 +01:00
6d98f8c8d8
card-myeid.c: issue #1219
2019-11-23 21:38:14 +01:00
2d02de4233
coolkey: Do not return uninitialized data if card does not return CPLP data
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18990
2019-11-18 14:02:07 +01:00
bec794fbee
fixed memory leak
...
https://crbug.com/oss-fuzz/18953
2019-11-18 14:01:50 +01:00
c4dcac5de7
pkcs15-prkey: Free allocated data on all error exit paths
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18790
2019-11-14 19:36:01 +01:00
6d6d158f13
pkcs15-cert: Free data on all error exit paths
...
https://oss-fuzz.com/testcase-detail/5645063405436928
2019-11-14 19:36:01 +01:00
5645fe2d16
muscle: Check length first before calling memcmp()
2019-11-14 19:36:01 +01:00
1594b1167d
muscle: Initialize variables and check return codes
2019-11-14 19:36:01 +01:00
7360c4bf0c
muscle: Avoid access uninitialized memory
2019-11-14 19:36:01 +01:00
2c68c0662c
coolkey: Avoid success from init if there are no reasonable data raturned
...
Thanks to oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18918
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18915
2019-11-14 19:36:01 +01:00
75847f4e93
Make ef_dir variable local
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18821
2019-11-13 15:48:40 +01:00
f11c286bc6
coolkey: Refactor the object listing to avoid invalid memory access
...
Probably resolves some bad memory access from oss-fuzz such as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18907
2019-11-13 15:48:33 +01:00
07d3d8e0df
compression: Free allocated data and return error if nothing was uncompressed
...
Also harmonizes the return codes from decompress*() functions
Fixes oss-fuzz issue
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18771
2019-11-13 15:48:25 +01:00
5557f34f5e
Revert "pkcs15-pubkey: Avoid memory leaks"
...
This reverts commit 0977b5496a
2019-11-12 11:57:43 +01:00
b79db82ae7
openpgp: Workaround non-compliant Yubikey 5 OpenPGP applets
...
Fixes #1850
2019-11-12 03:38:09 +01:00
0977b5496a
pkcs15-pubkey: Avoid memory leaks
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18758
2019-11-11 22:02:53 +01:00
cc917b541f
asn1: Avoid calling malloc with 0 argument
...
Caused problems reported by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18758
2019-11-11 22:02:41 +01:00
cd51430ba7
asn1: Avoid malloc(0) also from BIT STRING and GENERALIZED TIME structures
2019-11-11 22:02:30 +01:00
e50bc29bd9
card-setcos.c: Avoid unsigned integer underflow
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18798
2019-11-11 22:02:18 +01:00
c173563ad2
coolkey: Accept only SW=90 00 as success to prevent interpretting invalid values
2019-11-11 22:02:08 +01:00
ef3e223917
coolkey: Do not interpret empty answers as success
...
Thanks to oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18868
2019-11-11 22:01:56 +01:00
e6a24b71ab
MyEID: fix max_recv_size
...
MyEID 3.3.3 is not working with hardcoded max_recv_size=256 in
card-myeid.c. Use max_recv_size=255 if card major version < 40
Fixes #1852
2019-11-11 21:01:51 +01:00
a8de0070fd
fixed Null-dereference READ
...
https://oss-fuzz.com/testcase-detail/5644373382922240
Thanks to OSS-Fuzz
2019-11-06 23:38:37 +01:00
1a069ca71e
fixed Global-buffer-overflow READ 1
...
https://oss-fuzz.com/testcase-detail/5685978287308800
Thanks to OSS-Fuzz
2019-11-06 23:08:43 +01:00
8fea658fe9
fixed 121888 Time of check time of use
2019-11-05 21:49:30 +01:00
3a5a90450e
fixed 333715 Dereference after null check
2019-11-05 21:49:30 +01:00
8d7092c0cb
13598 Unchecked return value
2019-11-05 21:49:30 +01:00
Frank Morgner
Jakub Jelen
Peter Marschall
alex-nitrokey
carblue
Priit Laes
Julian Strobl
Khem Raj
Benjamin DELPY
Jakub Jelen
dojo
Doug Engert
Raul Metsma
AdriaoNeves
Andreas Schwier
Peter Popovec